In April 2021, a ransomware attack shut down the largest pipeline network in the United States. Colonial Pipeline, which supplies almost 50% of the Northeast’s energy needs, lost nearly 100 gigabytes of proprietary data. In light of the multi-day shutdown of a major fuel distribution network, the NIST Cybersecurity Framework (NIST CSF) is generating renewed interest among energy stakeholders.
To date, ransomware attacks on the energy industry continue to multiply, targeting vulnerable IT systems to incapacitate critical energy infrastructure. Disturbingly, 50% of attacks on global energy infrastructure occur in the United States.
Most organizations (47.8%) in critical infrastructure sectors map their control systems to the NIST CSF. Other popular frameworks include the IEC 62443 (32%), NIST 800-53 (31.5%), NIST 800-82 (29.6%), and ISO 27000 Series (29.1%). However, in the last two years, the MITRE ATT&CK® ICS framework has emerged as a force multiplier in responding to cybersecurity threats, particularly in the oil & energy sector.
Before we explore the MITRE ATT&CK framework, we’ll look at recent updates and give an overview of the wide range of industrial compliance requirements, including the cybersecurity standards and frameworks that safeguard the critical infrastructure sector.
On June 17, 2021, NIST released a preliminary draft of its new Cyber Security Framework Profile for Ransomware Management (NISTIR 8374). In September, it produced a revised draft — public comments on this new draft were closed on October 8, 2021.
NISTIR 8374 provides an actionable roadmap to help organizations respond to ransomware attacks and reduce their susceptibility to them. It outlines basic cybersecurity controls and defensive measures mapped to the five elements of the NIST Cyber Security Framework: identify, protect, detect, respond, and recover.
The Ransomware Profile is specifically suited for organizations that have already adopted the NIST Cybersecurity Framework and NERC-CIP (Critical Infrastructure Protection) standards.
Meanwhile, to underline the energy sector’s commitment to securing the nation’s critical infrastructure assets, the API published its 3rd Edition of Standard (Std) 1164 on August 18, 2021. According to API Senior Vice President of API Global Industry Services (GIS) Debra Phillips, “The new edition API Std 1164 builds on our industry’s long history of... collaborating with the federal government to protect the nation’s vast network of pipelines and other critical energy infrastructure from cyber-attacks.”
This third edition also aligns with the objectives of the Justice Department’s newly created Ransomware and Digital Extortion Task Force.
Together, the new NISTIR and API Std 1164 updates serve as a powerful means of securing the nation’s critical infrastructure.
An effective governance blueprint can strengthen an organization’s response to IT/OT cyber-related risks.
This is where the ATT&CK® ICS framework comes in. This new framework provides the basis for creating a successful defense strategy against the tactics and techniques threat actors use. According to the SANS 2021 OT/ICS Cybersecurity survey, 47% of respondents leverage MITRE ATT&CK® ICS to mitigate IT/OT cybersecurity incidents.
Although the NIST Cybersecurity Framework provides a comprehensive governance structure for identifying and responding to threats, it doesn’t offer a template for anticipating ransomware behaviors, detecting stealth reconnaissance activities, isolating attacks, or conducting a post-mortem analysis of cybersecurity incidents. However, the ATT&CK® ICS framework does.
Together, the NIST Cybersecurity and ATT&CK® ICS frameworks serve as a critical basis for mitigating the risks of IT/OT convergence in the energy sector.
NIST Cyber Security Framework (CSF): This is a five-function approach to mitigating an organization’s cyber security risks. It’s usually combined with the following standards:
Other frameworks include:
To comply with these important OT compliance requirements, energy-related organizations must deploy the right asset management, threat detection, and response tools.
Today, gaining full asset visibility for discovery and management begins with 100% packet visibility, afforded by network TAPs (test access points). Relying on switch SPAN or mirror ports is not going to cut it in today’s environment, as they were not designed for continuous monitoring.
Complete visibility is the foundation of an effective cybersecurity threat detection and response solution. Threat detection and response are more critical than ever due to IT/OT convergence in the energy sector. For example, the IoT sensors that allow oil & gas firms to remotely monitor worker safety on offshore rigs rely on internet connectivity, which opens multiple security loopholes that endanger OT infrastructure.
Industrial teams turn to network TAPs for packet visibility, not only because of their clear advantages over SPAN but also because they are easy-to-deploy, rugged, plug-and-play devices that are passive or failsafe and do not affect current configurations. Network TAPs provide secure, full-duplex copies of network traffic 24/7/365 and can provide unidirectional, media conversion, and traffic aggregation options. All of this is designed to make asset inventory and threat detection tool deployments seamless, ensuring compliance and security standards are met.
Michael Dumke is a Regional Sales Manager in the Industrial Sector at Garland Technology. Michael is passionate about solving network visibility challenges for customers across the United States.